
Ongoing DDoS attack on masternode network

Discussion in 'Official Announcements' started by UdjinM6, Mar 7, 2017.

  1. cibrigue

    cibrigue New Member

    Thank you @camosoul for the script and the tutorial!

    I've found two misspellings in the setupiptables.sh:
    line 14: sudo iptables -A INPUT -m commtrack --ctstate RELATED,ESTABLISHED -j ACCEPT #commtrack -> conntrack
    line 27: sudo iptables -P INPUT DROP. #DROP. -> DROP

    And a few notes for novices like me who use Windows too:
    * if you happen to use a Windows editor to create/edit the script file, make sure that you save it with Unix line endings, otherwise you will get "$'\r': command not found" error while running the script on Linux
    * if you use the Tor Browser bundle, you must start the Tor Browser in order to start the Tor proxy which is needed to make the .onion addresses work with PuTTY
    * in PuTTY, you need to set up the proxy with the following parameters: SOCKS5, 127.0.0.1, port 9150
    * you need to use your .onion address in PuTTY, the IP address will not work
    * if you can't connect, don't panic, just ask for a new identity in the Tor Browser and try to connect again a few times
     
    • Like Like x 1
    • Agree Agree x 1
  2. cibrigue

    cibrigue New Member

    As suggested in a previous post, connection rate limiting is a good protection against DDoS attacks for masternodes.

    UFW supports rate limiting, and it's relatively easy to use:
    http://manpages.ubuntu.com/manpages/precise/en/man8/ufw.8.html

    To limit the SSH and Dash daemon ports:
    Code:
    sudo ufw limit ssh/tcp  
    sudo ufw limit 9999/tcp
    
    If you use the more secure white-list approach, you probably don't even have UFW installed, so you need to set the values in your iptables. If you hid your SSH port as @camosoul suggested, you only need to worry about your public Dash port.
    I would recommend changing camosoul's setupiptables.sh script slightly at line 22 to add rate limiting:
    Code:
    #ALLOW DASHD TO DO ITS THING
    sudo iptables -A INPUT -p tcp --dport 9999 -m state --state NEW -m recent --set          # the IP address of the host which initiated the connection will be added to the "recent list"
    sudo iptables -A INPUT -p tcp --dport 9999 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j DROP    # the IP address is only going to match if the last connection was within the timeframe (30s) given and the given count of connection attempts is greater than or equal to the number given (6)
    sudo iptables -A INPUT -p tcp --dport 9999 -j ACCEPT # otherwise accept it
    
    (I used the https://debian-administration.org/article/187/Using_iptables_to_rate-limit_incoming_connections article to make the change. Here is the documentation of the recent patch of iptables, which makes this thing happen. I'm not an iptables/linux expert, so could someone more experienced confirm that this really works as intended?)

    We also have more flexibility this way, because you can increase the acceptable rate if the ecosystem requires it. To be fair, ufw also allows you to change those parameters.

    My questions are:
    Are the values above (max. 6 attempts in 30 seconds) good for now?
    Does it affect the amount of work a masternode can do?
    Can we expect these numbers to change when the Dash network gets higher traffic?
     
    #122 cibrigue, Jul 7, 2017
    Last edited: Jul 7, 2017
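To see what `--seconds 30 --hitcount 6` actually does to a given source before the rules go onto a live node, here is a small Python model of the `recent` module's sliding window. It is added here as an illustration and is not taken from the post above, from camosoul's script or from any Dash code. It assumes the two rules in the order shown (the `--set` rule records the current SYN before the `--update` rule counts it), keeps per-source timestamps only while they are inside the window, and replays constructed sample traffic: one normal peer and one burst source, using documentation addresses rather than real hosts.

```python
"""Model of the two iptables rules from the post (constructed illustration, not kernel code):

    -m state --state NEW -m recent --set
    -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j DROP

A new TCP connection attempt (SYN) from one source is DROPped when, counting the
attempt itself, the source has made at least HITCOUNT attempts in the last
WINDOW_SECONDS seconds.  The kernel keeps a bounded list of timestamps per
address; this model keeps only the ones still inside the window, which gives the
same ACCEPT/DROP decisions.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 30   # --seconds 30
HITCOUNT = 6          # --hitcount 6


class RecentRateLimit:
    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.seen = defaultdict(deque)   # source address -> timestamps of its attempts

    def new_connection(self, src, ts):
        """Decide ACCEPT or DROP for a new connection attempt from src at time ts."""
        hist = self.seen[src]
        # Rule 1 (--set): record this attempt first, so it counts toward hitcount.
        hist.append(ts)
        # Forget attempts that have aged out of the --seconds window.
        while hist and ts - hist[0] > self.seconds:
            hist.popleft()
        # Rule 2 (--update --seconds --hitcount -j DROP): match when the source
        # has hitcount or more attempts inside the window.
        if len(hist) >= self.hitcount:
            return "DROP"
        # Rule 3: everything else to port 9999 is accepted.
        return "ACCEPT"


def simulate(events, **limits):
    """Replay (timestamp, source) attempts in time order; return (ts, src, decision) triples."""
    limiter = RecentRateLimit(**limits)
    return [(ts, src, limiter.new_connection(src, ts)) for ts, src in sorted(events)]


def summarize(decisions):
    """Per-source counts of ACCEPT and DROP decisions."""
    counts = {}
    for _, src, verdict in decisions:
        counts.setdefault(src, {"ACCEPT": 0, "DROP": 0})[verdict] += 1
    return counts


# Constructed sample traffic (documentation addresses, not a real capture):
#   203.0.113.10 behaves like a normal peer, one connection attempt every 10 s;
#   198.51.100.7 bursts 12 attempts in 6 s, the pattern a flood or scanner shows.
SAMPLE_EVENTS = (
    [(t, "203.0.113.10") for t in range(0, 120, 10)]
    + [(40 + 0.5 * i, "198.51.100.7") for i in range(12)]
)

if __name__ == "__main__":
    for ts, src, verdict in simulate(SAMPLE_EVENTS):
        print(f"t={ts:6.1f}s  {src:15}  {verdict}")
    print(summarize(simulate(SAMPLE_EVENTS)))
```

With the post's values the sixth attempt from one source inside any 30-second span is the first one dropped, so five get through; the peer that reconnects every 10 seconds is never touched, and a source that stays quiet for more than 30 seconds is accepted again once its old timestamps age out. Alternative thresholds can be tried with `simulate(events, seconds=60, hitcount=10)` before editing the script. Note that both rules match `--state NEW` only: traffic on connections that are already established is handled by the RELATED,ESTABLISHED rule earlier in the script and never reaches these rules.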
  3. camosoul

    camosoul Well-known Member

    I believe I've rectumized, er, rectified these typos

    I presume that a MNO has at least the cognitive capacity to realize eth0 needs to be replaced with whatever the user's actual interface is. An MNO lacking that remedial understanding of reality should not be an MNO.
     
  4. Katie D. Baker

    Katie D. Baker New Member

    Hey. Even I had a similar experience and I had to approach professional IT security services to clear the issue. I have been researching about this issue and found a blog very interesting.
    http://nci.ca/what-you-need-to-know-about-ddos-attacks/
    This article explains in detail about what all things you need to know about DDOS attacks
     
  5. EazyDay

    EazyDay Member

    Vultr offers DDOS protection is that a good buy or unnecessary?
     
  6. camosoul

    camosoul Well-known Member

    Why buy what you can do yourself?

    An MNO should have sufficient technical aptitude to service the network adequately.

    Think of it as a job interview that helps you become qualified even if you're not.
     
  7. Figlmüller

    Figlmüller Member

    Weeell, yea. btw. Until you run into a systemd update introduced by the newest Debian upgrade, which renames your interfaces and takes your machine offline or some bullshit like that. Watch out for predictable network interface names, guys ;)

    So, yea. If you ever upgrade to Debian 9 on a ESXi VM with virtual network interfaces, keep that in mind.
     
  8. camosoul

    camosoul Well-known Member

    Pretty sure a complete noob isn't doing any of those things, either.

    It's called a test deployment. A non-critical machine that you try stuff out on before you apply it to production boxes.
     
  9. demo

    demo Well-known Member

    @camosoul, my old friend, where have you been?
    Welcome back!
    I was anxious that something happened to you in Las Vegas. :D
     
    #129 demo, Oct 7, 2017
    Last edited: Oct 7, 2017
  10. camosoul

    camosoul Well-known Member

    Life Rule 1: Avoid stupid people, in stupid places, doing stupid things.
     
    • Agree Agree x 1
  11. camosoul

    camosoul Well-known Member

    Also, ESXi is still a thing? Get with it, man. :p
     
  12. SimontheRavager

    DASH is just awesome, nothing more to say fellas ^^
     
    • Like Like x 1
